Iceberg Client Credit

Show mobile navigation

Your right to privacy is important to us.  We know that your personal data belongs to you and not to us. That’s why we take the security of your information seriously and have strict policies and processes in place to ensure it is kept private and safe.

This privacy notice describes the way we collect your information, how we use it and why.

Who we are

Iceberg Client Credit is part of Paragon Banking Group (the Group).

The Group is made up of many different legal entities. The letterhead we use when we write to you will let you know which entity you have a relationship with.

More information on the Group can be found at

Where we use the term ‘we’ in this notice we mean the relevant member of the Group who is processing your personal information.

The entity you have a relationship with will be the controller of any personal information you provide to us. The Group’s Company Registration number is 2336032 and its registered address is 51 Homer Road, Solihull, B91 3QJ.

If you have any queries about how your personal information is used by us, which are not answered in this notice, please contact the Data Protection Officer (DPO) 51 Homer Road, Solihull, B91 3QJ or email .(JavaScript must be enabled to view this email address).

What is personal data?

Personal data is considered to be any information that either alone, or in combination with other information, would identify you as a living individual. For example, your name and date of birth.

How do we collect your information?

The type of loan or other product you have with us will dictate how your personal information is collected.

Personal information may be provided to us by;

  • You or a third party

And may be provided;

  • electronically
  • by  telephone
  • within paper correspondence

When applying for a product or service we will ask you to provide some information about yourself for security, identification and verification purposes.

When completing any forms, we will always tell you how your information will be used in relation to the product or service you are applying for within the declaration and in any associated terms and conditions.

When you provide any information about others (eg for a joint account) you must ensure that you have their consent or are otherwise entitled to provide the information to us.

If you are an introducer of business, the information provided in this notice also explains how we manage your personal data, as well as any business you provide.

We may monitor or record phone calls with you to ensure we have carried out your instructions correctly, to resolve queries or issues, to improve our quality of service, for regulatory purposes and to help prevent or detect fraud or other crimes. We also record conversations for employee training purposes.


You can visit our website without telling us who you are or revealing any information about yourself.  When we ask you for personal information online it will only be in response to you applying for, or using, one of our online products or services.

We will not use information and/or any statistical analytics tool to track or collect any personally identifiable information about visitors to our site.

We will not associate any data gathered from our website with any personally identifying information from any source. If you have logged into our site, please review our Cookie Policy at to see what information may be recorded.

What personal data do we process?

We may process the following personal information;

  • Account Number
  • Full name
  • Gender
  • Date of birth
  • Address (both security and residential)
  • Address history
  • Country of birth
  • National Insurance Number
  • Tax details such as tax reference numbers
  • Any User ID you may provide or create
  • Any password you may provide or create
  • Memorable Information (provided to us to in some instances to be used as a security check for account access)
  • Employment details
  • Corporate Directors – position within the company
  • Contact details, including phone number and email address
  • Bank account number
  • Sort Code
  • Third party reference numbers
  • Passport information
  • Vehicle details
  • Driving licence information
  • Device ID including IP addresses
  • If you have requested a third party act on your behalf, the name and contact details of this party

Throughout the life of your account, you may provide the following information to us:

  • Your racial or ethnic origin
  • Political opinions
  • Your religious or philosophical beliefs
  • Trade union membership
  • Data concerning your health
  • Data concerning your sex life or sexual orientation

These pieces of information are considered to be  special categories of data. We will only record them if they are relevant to the management of your account (for example, if you have a medical condition which means you require a bespoke communication approach) and we will not record this information without your explicit consent. You are able to withdraw this consent at any time, just get in touch.

On what basis are we allowed to process your personal data?

Under Data Protection law we are only allowed to process your personal data if we have a proper reason to do so. This includes sharing it outside the Group. The law allows us to process your data for one or more of the following reasons;

  • to fulfil a contract we have with you
  • when it is our legal duty
  • when it is in our legitimate interest
  • when you consent to it

A legitimate interest is when we have a business or commercial reason to use your information. This reason must not unfairly go against what is right and best for you.

The table below shows the ways we may use your personal information and why;

What we use your personal information for The reason/s why we can use your personal information
  • To verify your identity
  • To manage our relationship with you
  • To find new ways to meet our customers’ needs and to grow our business
  • To develop and carry out marketing activities
  • To understand how our customers use our products and services
  • Fulfil a contract
  • Legal duty
  • Legitimate interest
  • To develop and manage our products and services
  • To manage how we work with other companies that provide services to us and our customers
  • Fulfil a contract
  • Legal duty
  • Legitimate interest
  • To deliver our products and services
  • To make and manage customer payments
  • To manage fees, charges and interest due on customer accounts
  • To collect and recover money that is owed to us
  • Fulfil a contract
  • Legal duty
  • Legitimate interest
  • To respond to complaints and seek to resolve them
  • To detect, investigate, report and seek to prevent financial crime
  • To comply with laws and regulations that apply to us
  • To manage risk for us and our customers
  • To prevent fraud and money laundering
  • Fulfil a contract
  • Legal duty
  • Legitimate interest
  • To exercise our rights set out in agreements or contracts
  • To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance and audit requirements
  • Legal duty
  • Legitimate interest
  • To exercise our rights set out in agreements or contracts
  • Fulfil a contract

Who do we share your personal data with and why?

We may share your personal information with the following third parties;

  • with your employer(s), landlord, accountant, banker, current and previous lenders and HMRC to request information from them so that we can assess whether you meet the eligibility criteria if you have applied for a mortgage or loan
  • with businesses who may process data on our behalf as part of a contract
  • with our insurers for insurance purposes
  • with valuers and other organisations involved in the provision of valuation services to enable them to carry out valuations of your property
  • if you use Direct Debits, with the Direct Debit Scheme
  • with third parties to whom your mortgage, loan or account is, or may be, assigned or transferred
  • with credit reference agencies (CRAs) to carry out credit checks and record details of your repayment history. The CRA’s have drafted a notice called ‘Credit Reference Agency Information Notice’ (CRAIN) which sets out how your data will be processed by TransUnion, Equifax and Experian. Please go to, or to read the notice and for the full Experian privacy notice
  • the credit reference agencies we normally use are:
     • Equifax Ltd, Customer Services Centre, PO Box 10036, Leicester LE3 4FS
     • Experian, Consumer Help Service, PO Box 8000, Nottingham, NG1 5GX
     • TransUnion, 1 Park Lane, Leeds, LS3 1EP
  • If you are a Limited Company Director, in addition to the above we may also share your information with Creditsafe. They can be contacted at Bryn House, Caerphilly Business Park,
  • Van Road, Caerphilly, CF83 3GR
  • If you would like to see the information that these credit reference agencies hold about you, please contact them directly; they will be able to explain how you may progress your request and any charges that may apply.
  • with fraud prevention agencies (including the National Crime Agency, Action Fraud and the Home Office) to protect us from fraud and money laundering.  We may also pass information to financial and other organisations involved in fraud prevention including law enforcement agencies who may also access and use this information to detect, investigate and prevent crime. The Fraud Prevention Agencies we typically use and their contact details are as follows:
    • Synectics Solutions -
    • National Hunter - .(JavaScript must be enabled to view this email address)
    • RiskNarrative – Global Reach, Dunleavy Drive, Cardiff, CF11 0SN
    We may decide that you pose a fraud or money laundering risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity.  If you give false or inaccurate information and we suspect fraud we will record this. Please go to  to read the Cifas privacy notice in full
  • with identification checking agencies who will carry out electronic identity checks on you and who will record details of the check, regardless of whether your application proceeds
  • with third parties where we are legally required or permitted to do so, for example for crime prevention purposes or to protect our right or the rights of our group companies, employees or customers
  • with regulators, government and public sector agencies as and when required and where a lawful basis for the transfer of personal data exists
  • if you have a mortgage or second charge mortgage with us, we may share information with other lenders who also hold a charge on the property
  • with regulatory bodies where we are required to do so for legal and regulatory purposes for example, the Financial Services Compensation Scheme (FSCS)
  • if we buy or sell any business or assets we may share your information with the prospective seller or buyer of the business or assets. If we go through a corporate merger, consolidation, sale of assets or other corporate change, we may also pass your information on to the buyer or our successors in business to ensure they can continue to operate the business effectively or make full use of the assets sold.       
  • If you would like to know which specific third parties process data on our behalf, please contact our Data Protection Officer (DPO) 51 Homer Road, Solihull, B91 3QJ or email .(JavaScript must be enabled to view this email address).

Possible consequences of us processing your personal data

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, finance or employment to you. If you have any questions about this, please contact us.


From time to time  we may make you aware of products or services  which are similar to the ones you currently hold with us that may be of interest to you. We will only do this if we consider this type of processing to be a legitimate business interest. You are able to get in touch and ask us to stop sending you these messages at any time. If you chose not to receive marketing information you will still receive important information about your product or service.

How long will we keep your personal information?

We will keep your personal information for as long as you are a customer of Paragon Banking Group.  After you stop being a customer we may keep your data for up to 12 years for one of these reasons;

  • to respond to any questions or complaints
  • to show that we treated you fairly
  • to maintain records according to our regulatory and statutory obligations

We will keep your data for longer than this if we cannot delete it for legal, regulatory or technical reasons. We will also keep it for research, fraud prevention, money laundering, capital, liquidity, risk, statistical analysis and business forecasting purposes. When this happens, we will make sure that your privacy is protected and we will only use it for these purposes.

You or a third party may send information to us as a prospective customer. If we do not have any products that are suitable for you, or you decide not to proceed with your application for any reason, we will store the personal information provided to us for no longer than two years.

Fraud prevention agencies can hold your personal data for different periods of time and if you are considered to pose a fraud or money laundering risk, your data can be held for up to 6 years. In some cases Paragon may hold your data for an indefinite period.

Your information rights

You have various rights in terms of how and why your personal data is processed. Please contact us at any time if you wish to exercise these rights:

  • You have the right to rectify and correct inaccurate or out of date information at no extra cost
  • You may be able to request the deletion or removal of personal data where there is no compelling reason for its continued processing. You don’t have an absolute ‘right to be forgotten’ but we will consider the request in specific circumstances
  • You have the right to ask us not to use your information for marketing purposes and to ask us to stop sending you marketing communications
  • You have the right to restrict and/or object to certain processing, providing it meets the requirements set out in law
  • You have the right to obtain human intervention if contesting a decision based on any automated decision-making means. For example, before offering you a loan, we may carry out an automated credit search. CRA’s provide us with data and analytics that may help us with this search and our own data, knowledge, processes and practices will also play a significant role in our decision to lend. If you contest the automated decision, we are able to carry out a manual review of your data.   However, this may not change the outcome of the initial automated decision and this may result in you still being refused a product or service
  • You have the right to move, copy or transfer personal data. If we are processing data to perform our obligations to you, or because you consented, if that processing is carried out by automated means, we will help you to move, copy or transfer your personal data to other IT systems. If you request, we will supply you with the relevant personal data in a format which is readily accessible by most IT systems
  • You have a right to access the personal information that we hold about you. We won’t charge you for this request, however, we may charge a reasonable fee if your request is largely unfounded or if you make repeated requests. Please make your request to the team that services your account. If you require a specific document please make this clear. Telephone calls will not be provided as standard as not all departments will record their calls. If you require a specific conversation, please provide as much detail as possible to enable us to locate this on your behalf

Transfer of your personal information overseas

Some or all of your personal information may be transferred to, stored or processed by service providers of ours located in countries outside the UK.

In these circumstances we will take the necessary steps to ensure that the transfer of your data is in line with UK data protection requirements and that your information is treated securely and protected to a similar standard. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/ or for our legitimate interests.

If we do transfer information outside of the UK, we will make sure that it is protected in the same way as if it was being used in the UK.

We may put in place the approved standard contractual clauses (as approved by the UK and European Commission) which constitute appropriate measures to ensure that your personal data is treated by those third parties in a way that is consistent with and which respects the European Union (EU) and UK laws on data protection.

If you are an Expatriate, due to the nature of the product you have chosen, a set of transfers of your information to countries outside of the UK may be required. Our lawful basis for these transfers is because they are necessary to implement precontractual measures and for the performance of a contract between you and Paragon.

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area (EEA), they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing. For further information please contact the fraud prevention agencies listed within this notice.

If you chose not to give personal information

We may need to collect personal information by law, under the terms of a contract we have with you. If you chose not to give us this personal information it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts. It could mean that we cancel a product or service that you have with us.


If you wish to complain about how we have treated your personal data, please contact the complaints team within your usual servicing department to discuss your concerns.

You may also refer your concerns to the Information Commissioner’s Officer (ICO), the body that regulates the handling of personal data in the UK. You can contact them by:

Phone: 0303 123 1113

Writing: Information Commissioner’s Officer, Wycliffe House, Water Lane, Wilmslow, SK9 5AF


Changes to our notice

This notice was last updated in January 2023.

Download a print friendly version of this notice





About cookies on our website

Following a revised EU directive on website cookies, each company based, or doing business, in the EU is required to notify users about the cookies used on their website.

Our site uses cookies to improve your experience of certain areas of the site and to allow the use of specific functionality like social media page sharing. You may delete and block all cookies from this site, but as a result parts of the site may not work as intended.

Please click here to view our full Cookies Policy.

Click on the button below to accept the use of cookies on this website (this will prevent the dialogue box from appearing on future visits)

Saving changes